Madman wrote:Process monitor from Sysinternals suite. It's a free Microsoft backed software suite that is a must have for any software developer.

Slight nitpick here. Mark Russinovich and Bryce Cogswell (Damn you, Spacely!!) wrote all of the Sysinternals stuff long before they were assimilated by Microsoft. Essentially, MS realized that the Sysinternals applets fixed so many of the geeky nags inherent in NT-based Windows that they paid off the Sysinternals crew and brought it in-house. MS had no part in the development of these tools.

That said, the Sysinternals stuff is pure gold for those who need to delve into the nitty-gritty of Windows issues. My personal favorites are Autoruns and ProcMon. I do wish they'd update Rootkit Revealer.

Madman wrote:Process monitor from Sysinternals suite. It's a free Microsoft backed software suite that is a must have for any software developer.

Slight nitpick here. Mark Russinovich and Bryce Cogswell (Damn you, Spacely!!) wrote all of the Sysinternals stuff long before they were assimilated by Microsoft. Essentially, MS realized that the Sysinternals applets fixed so many of the geeky nags inherent in NT-based Windows that they paid off the Sysinternals crew and brought it in-house. MS had no part in the development of these tools.

Nitpick of your nitpick. Since Microsoft effectively assimilated Sysinternals lock stock and barrel and now host the Sysinternals content and tools, saying that it is "Microsoft backed" is in fact technically correct, in the same way that it is correct to say that Hotmail, Skype, etc. are Microsoft products even though they were originally developed by third parties.

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson

Many iexplore.exe hits when I mess with Advanced settings, but the gist is that it reads the key and sets it to the current setting and then closes the key. Only one setting I've found so far actually sets a different value but I already knew about it. I can see when the GPO gets applied periodically but that just writes a value, doesn't really tell me what value goes with what. The other values I think might be related like these:

Allow software to run or install even if the signature is invalidCheck for server certificate revocationCheck for signatures on downloaded programs

...all check the key and don't write a new value to it and then go and toggle a specific key in a different place that's particular to that function. So possibly some of the lower value bitmasks were legacy for IE 3.x and earlier? I'd buy that but I haven't yet found something that shows a depreciated listing or somethin' of that sort.

So it's a handy tool but I don't think it's going to help me divine the values that I don't already know.

So we do have those two settings set via GPO. I already know that "Check for publisher's certificate revocation" is responsible for the 0x200 difference there. And "Check for server certificate revocation" doesn't affect it. But pushing those out via GPO somehow corrupts the rest of the settings? You end up with 0x2C9?

Is this a MS bug? My solution would be to get rid of those settings via GPO and instead push out the proper registry keys for them, I guess. But it still bugs me that it's setting that funky value.